As 25th May 2018 marks the implementation of the General Data Protection Regulation (no “s”) – what on earth’s been going on?
Has this dastardly piece of legislation suddenly been thrust upon us? Who did this? Why didn’t anyone tell us. Well, it’s been law since June 2016. It’s no surprise. It’s European legislation, but legislation to which the UK government was always and remains committed.
Who owns your personal data?
Maybe those complaining about it should think through to the apparent abuse of personal data which giant tech companies appear to have been part of, leading to individuals being microtargetted to influence, among other things their votes in elections. Whose information is my personal data? When I express an interest in (to take an innocent example) new bike wheels, did I really mean for the bike wheel vendors of the world to be alerted to my readiness to enter this market?
When I express an interest in (to take an innocent example) new bike wheels, did I really mean for the bike wheel vendors of the world to be alerted to my readiness to enter this market?
This personal data is mine. I provide it for deliberate purposes; but the problem is that over the years, we have all sacrificed our privacy for convenience, and now we’re prey. So it may be that we’re wary of government claiming to protect us, but we’re not in an even contest with the aggregators of big data. In 1995 when the Data Protection Directive was issued, the world wide web was four years old. My, how it’s grown.
Responding to the legislation
The Regulation is a burden – we can’t get away from that. Corporates must act, but smaller businesses will have to devote time too – a contact recently shared that he had even received a letter from his milkman informing him of the data held on record, milk preferences and all!
Corporates must act, but smaller businesses will have to devote time too
There isn’t a quick fix, a silver, gold or titanium bullet that says you’re compliant. This isn’t a onetime thing, and you’re home free. It isn’t, as one software salesman told me, “all about consent”.
It is around understanding that we are in a different world, where not every collector of data is benign as your friendly neighbourhood milkman and where we’re leaking our personal information all the time. Unfortunately, that means that there needs to be balances to protect personal data, and so yes, businesses have to adapt and undertake their responsibilities. It’s hard, it’s not what we want to spend our time doing, but it’s not our data, as businesses. It’s our data, as individuals, and when we realise what can happen if it’s not safeguarded, we can understand why this is necessary. We might moan about “health & safety”, but we realise that when done poorly, people get injured or killed. Poor data protection means people get defrauded, targeted, misused and abused. We just have to do it.
Oh we don’t want to lose you
So now, suddenly, we’re deluged with “Don’t leave us” e-mails, and most of us are deleting most of them, because we never signed up, we’ve never heard of some of the people who have our information. Businesses complain that their mailing lists are being decimated (literally – 90% loss, 10% left). But they’re left with people who want to hear from them.
Some of the e-mails you’ve been getting are bizarrely wrong; we data protection geeks get a very low-level buzz from counting what’s wrong with some, including those who tell you they’re retaining your data for reasons which are not OK.
GDPR is here to stay
It’s imperfect legislation, no doubt, depending on where you’re sitting; but those who have taken time and seriously addressed their data protection issues will know that it’s an area where the more you dig, the more granular the issues become, and the more bespoke your way of dealing with it needs to be.
In this world understanding the protection of personal data is actually for everyone, not to be outsourced wholesale to the data protection geeks; they/we can help with the mechanics of it, but we all have to live in the world where data is important, valuable and needs safeguarding. Data protection isn’t a one off millennium bug (which wasn’t a bug, but was a real threat); it’s here to stay, and all businesses, from milkmen to multi nationals need to make it part of how they do business.
Paul Berwin is a leading technology and digital law specialist and heads Berwins Digital, the specialist IT and Technology division of Berwins.